
2 Scenario
Steven is the managing director of a respected software company. After finding pornography downloaded on his network server and a number of individual office computers, he decided to hire a computer forensics investigator to build a case for employee dismissal.
The investigator was hired to locate deleted files, if any, and verify certain non-work-related contents of the hard drives in question. The investigator was able to locate spy software, pornography, and illegal file-sharing software on the hard drive of the suspicious employee. This led to employee dismissal.

5 Introduction
Cyber activity has become an important part of everyday life of the general public
Importance of computer forensics:
  85% of business and government agencies detected security breaches
  FBI estimates that the United States loses up to $10 billion a year to cyber crime

6 History of Forensics
Francis Galton (1822-1911): Made the first recorded study of fingerprints
Leone Lattes ( ): Discovered blood groupings (A, B, AB, & 0)
Calvin Goddard ( ): Allowed firearms and bullet comparison for solving many pending court cases
Albert Osborn ( ): Developed essential features of document examination
Hans Gross ( ): Made use of scientific study to head criminal investigations
FBI (1932): A lab was set up to provide forensic services to all field agents and other law authorities throughout the country

7 Definition of Forensic Science
“Application of physical sciences to law in the search for truth in civil, criminal and social behavioral matters to the end that injustice shall not be done to any member of society”
(Source: Handbook of Forensic Pathology, College of American Pathologists, 1990)
Aim: determining the evidential value of crime scene and related evidence

8 Definition of Computer Forensics
“A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format”
- Dr. H.B. Wolfe

9 What Is Computer Forensics?
According to Steve Hailey, Cybersecurity Institute:
“The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.”

10 Need for Computer Forensics
“Computer forensics is equivalent of surveying a crime scene or performing an autopsy on a victim”. (Source: James Borek 2001)
Presence of a majority of electronic documents nowadays
Search and identify data in a computer
Digital evidence is delicate in nature
For recovering deleted, encrypted, or corrupted files from a system

11 Evolution of Computer Forensics
FBI Computer Analysis and Response Team (CART) emerged
International Law Enforcement meeting was conducted to discuss computer forensics and the need for a standardized approach
Scientific Working Group on Digital Evidence (SWGDE) was established to develop standards
Digital Forensic Research Workshop (DFRWS) was held

12 Computer Forensics Flaws and Risks
Computer forensics is in its early or development stages
It is different from other forensic sciences as digital evidence is examined
There is little theoretical knowledge upon which empirical hypothesis testing is based
Designations are not entirely professional
There is a lack of proper training
There is no standardization of tools
It is still more of an “Art” than a “Science”

13 Corporate Espionage Statistics
Corporate computer security budgets increased at an average of 48% in 2002
62% of corporate companies had their systems compromised by viruses
FBI statistics reveal that more than 100 nations are engaged in corporate espionage against US companies
More than 2230 documented incidents of corporate espionage by the year 2003

14 Modes of Attacks
Cyber crime falls into two categories depending on the way the attack takes place
The two types of attacks are:
  Insider Attacks
  External Attacks

15 Cyber Crime
Cyber crime is defined as “Any illegal act involving a computer, its systems, or its applications”
The crime must be intentional and not accidental.
Cyber crime is divided into 3 T’s:
  Tools of the crime
  Target of the crime
  Tangential to the crime

16 Examples of Cyber Crime
A few examples of cyber crime include:
  Theft of intellectual property
  Damage of company service networks
  Financial fraud
  Hacker system penetrations
  Denial of Service Attacks
  Planting of viruses and worms

17 Reason for Cyber Attacks
Motivation for cyber attacks:
  Experimentation and a desire for script kiddies to learn
  Psychological needs
  Misguided trust in other individuals
  Revenge and malicious reasons
  Desire to embarrass the target
  Espionage - corporate and governmental

18 Role of Computer Forensics in Tracking Cyber Criminals
Identifying the crime
Gathering the evidence
Building a chain of custody
Analyzing the evidence
Presenting the evidence
Testifying
Prosecution

19 Rules of Computer Forensics
Minimize the option of examining the original evidence
Obey rules of evidence
Never exceed the knowledge base
Document any changes in evidence

20 Computer Forensics Methodologies
The 3 A’s:
  Acquire evidence without modification or corruption
  Authenticate that the recovered evidence is the same as the originally seized data
  Analyze data without any alterations
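
An added example, not part of the original slides, that walks the 3 A’s on a constructed file standing in for seized media. The function names, the file names and the choice of SHA-256 as the authentication digest are assumptions made for the illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile

CHUNK = 1024 * 1024  # hash and copy in 1 MiB blocks

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:  # read-only: hashing never alters the evidence
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image):
    """Acquire: hash the original, copy it, then make the copy read-only."""
    recorded = sha256_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    os.chmod(image, stat.S_IRUSR)
    return recorded

def authenticate(image, recorded):
    """Authenticate: the working copy must hash to the recorded digest."""
    return sha256_file(image) == recorded

def analyze(image, pattern):
    """Analyze: search the copy (small demo image, read whole) for a pattern."""
    with open(image, "rb") as f:
        return f.read().find(pattern)

def demo():
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "seized.bin")   # constructed sample data
    image = os.path.join(workdir, "working.img")
    with open(source, "wb") as f:
        f.write(b"\x00" * 512 + b"report.doc" + b"\x00" * 502)
    recorded = acquire(source, image)
    before = authenticate(image, recorded)
    offset = analyze(image, b"report.doc")
    after = authenticate(image, recorded)          # analysis left the copy intact
    os.chmod(image, stat.S_IRUSR | stat.S_IWUSR)
    with open(image, "r+b") as f:                  # simulate a one-byte alteration
        f.write(b"\x01")
    altered = authenticate(image, recorded)        # the digest check now fails
    shutil.rmtree(workdir)
    return before, offset, after, altered
```

Calling `demo()` returns the authentication result before and after analysis, the offset of the pattern, and the result after the simulated alteration.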

21 Accessing Computer Forensics Resources
Resources can be accessed by joining various discussion groups such as:
  Computer Technology Investigators Northwest
  High Technology Crime Investigation Association
Joining a network of computer forensic experts and other professionals
News services devoted to computer forensics can also be a powerful resource
Other resources:
  Journals of forensic investigators
  Actual case studies

23 Maintaining Professional Conduct
Professional conduct determines the credibility of a forensic investigator
Investigators must display the highest level of ethics and moral integrity
Confidentiality is an essential feature which all forensic investigators must display
Discuss the case at hand only with persons who have the right to know

24 Understanding Enforcement Agency Investigations
Enforcement agency investigations include:
  Tools used to commit the crime
  Reason for the crime
  Type of crime
  Infringement on someone else’s rights by cyberstalking

25 Understanding Corporate Investigations
Involve private companies who address company policy violations and litigation disputes
Company procedures should continue without any interruption from the investigation
After the investigation the company should minimize or eliminate similar litigations
Industrial espionage is the foremost crime in corporate investigations

28 Summary
The need for computer forensics has grown to a large extent due to the presence of a majority of digital documents
A computer can be used as a tool for investigation or as evidence
Minimize the option of examining the original evidence
The 3 A’s of computer forensics methodologies are Acquire, Authenticate, and Analyze
A computer forensic investigator must be aware of the steps involved in the investigative process